548 matches found
PT-2023-4899 · Eprosima +2 · Eprosima Fast Dds +2
Name of the Vulnerable Software and Affected Versions: eprosima Fast DDS versions prior to 2.11.0; eprosima Fast DDS versions prior to 2.10.2; eprosima Fast DDS versions prior to 2.9.2; eprosima Fast DDS versions prior to 2.6.5. Description: The issue is related to an error in exception handling in t...
Missing deadline param in swapExactAmountOut() allowing outdated slippage and allow pending transaction to be executed unexpectedly.
Lines of code. Vulnerability details. Impact: Loss of funds/tokens for the protocol, since block execution is delegated to the block validator without a hard deadline. Proof of Concept: The function swapExactAmountOut from LiquidationRouter.sol and LiquidationPair.sol use these methods to swap tokens...
PT-2023-4554
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 3.0; OpenSSL versions prior to 3.1. Description: The issue is related to the functions DH_check, DH_check_ex, and EVP_PKEY_param_check in the OpenSSL library. These functions can cause excessive delays when checking...
OSV-2023-599 Negative-size-param in passDoAction
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60723 Crash type: Negative-size-param Crash state: passDoAction translateString loutranslate...
OSV-2023-528 Memcpy-param-overlap in pdfi_copy_truetype_font
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60204 Crash type: Memcpy-param-overlap Crash state: pdficopytruetypefont pdfiloadfont pdfiloaddictfont...
PT-2023-35885 · Git +1 · Clamav
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type known as Memcpy-param-overlap. The crash state involves several functions, including repeat, p_ere, and cli_regcomp...
HTML Injection / Possible XSS
Description: In pimcore I was able to identify an Unauthenticated HTML Injection / possible XSS. Conditions: 2 factor authentication must not be set before. Vulnerable Endpoint: http://localhost/admin/login/2fa-setup Vulnerable Param: error= How it works: So basically any admin, who has not setup 2...
SUSE CVE-2023-21106
In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...
The vulnerability of the adreno_set_param() function in the drivers/gpu/drm/msm/adreno/adreno_gpu.c file of the MSM DRM kernel in the Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of data.
The vulnerability of the adreno_set_param function in the drivers/gpu/drm/msm/adreno/adreno_gpu.c file of the MSM DRM kernel in the Linux operating system is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
Google Android Resource Management Error Vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a security vulnerability that stems from a messed up instruction that can be responsible for freeing memory in the adreno_set_param of the adreno_gpu.c file. An attacker can exploit the vulnerabilit...
OSV-2023-392 Negative-size-param in H5MM_memcpy
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58892 Crash type: Negative-size-param Crash state: H5MMmemcpy H5Olinkdecode H5Omsgiteratereal...
Denial of Service (DoS)
engine.io is vulnerable to Denial of Service (DoS). The vulnerability exists due to the uncaught exception that occurs in the handleUpgrade function of server.ts and userver.ts when providing an invalid query param, which allows an attacker to crash the application through a maliciously crafted...
kernel: use-after-free after failed devlink reload in devlink_param_get
A flaw was found in the Netlink device interface implementation in the Linux kernel that improperly handled certain error conditions, leading to a use-after-free issue with some network device drivers. A local attacker with admin access to the network device could use this to cause a denial of...
Cross site scripting
The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged-in admin into triggering an XSS payload by clicking a link...
UBUNTU-CVE-2023-21106
In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...
PT-2023-35810 · Git +1 · Clamav
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type known as Memcpy-param-overlap. The crash state involves several functions, including repeat, p_ere, and cli_regcomp...
CVE-2023-30077
Judging Management System v1.0 by oretnom23 was discovered to be vulnerable to SQL injection via /php-jms/reviewresult.php?maineventid=, maineventid...
Cloud Manager <= 1.0 - Reflected XSS
The plugin does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged-in admin into triggering an XSS payload by clicking a link. PoC...
CVE-2023-25213
Tenda AC5 USAC5V1.0RTLV15.03.06.28 was discovered to contain a stack overflow via the checkparamchanged function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload...
Tenda AC5 Buffer Error Vulnerability
Tenda AC5 is a wireless router from Tenda China. A security vulnerability exists in the Tenda AC5 USAC5V1.0RTLV15.03.06.28 version, which stems from a stack-based buffer overflow issue in the checkparamchanged function, which can be exploited by an attacker to cause a denial of service (DoS) or...